SSL / TLS
Valid HTTPS · 570ms
x402 discovery
No x402 discovery found
Agent discovery
No agent.json found
llms.txt
Found (85121 chars) · 605ms
security.txt
Not found · 914ms
CORS headers
No CORS header (OK if server-to-server only) · 599ms
Security headers
0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 606ms
Response time
859ms avg · 859ms
MCP server
No MCP endpoint found
API endpoints
2 endpoints found
Error handling
404 returned · 1252ms
x402 compliance
No x402 payment gates found · 918ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 917ms
Documentation
No documentation endpoint
robots.txt AI crawlers
robots.txt exists but no AI crawler rules · 1444ms
AI plugin manifest
No ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec
/openapi.json — 3.0.3, 66 paths, servers defined, auth documented · 1401ms
Privacy / GDPR
No privacy policy or GDPR endpoint
Status / Health
/status found · 1614ms
EU AI Act disclosure
No AI model card or disclosure endpoint
Travel Rule (FATF)
No Travel Rule endpoint or VASP disclosure
A2A Protocol (Google)
No agent.json for A2A discovery
DNSSEC
DNSSEC check failed
CAA Records
No CAA records — any CA can issue certificates
DMARC / SPF
DMARC p=quarantine · SPF ~all (softfail)
Auth maturity
No authentication detected — open API or check failed
API versioning
No versioned paths or version headers found
Human oversight
No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service
No Terms of Service endpoint found
Content-Type
API paths return HTML: /v1/ returns HTML
OASF Classification
No OASF or agent service classification found
MCP Transport Security
No MCP endpoint found
Wallet trust
No wallet address found in x402 or agent.json
ERC-8004 on-chain
No EVM wallet found to verify on-chain registration
Critical — 2x402 discovery failedNo x402 discovery found
Agent discovery failedNo agent.json found
Warning — 26security.txt needs attentionNot found
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy
Response time needs attention859ms avg
MCP server needs attentionNo MCP endpoint found
x402 compliance needs attentionNo x402 payment gates found
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
Documentation needs attentionNo documentation endpoint
robots.txt AI crawlers needs attentionrobots.txt exists but no AI crawler rules
AI plugin manifest needs attentionNo ai-plugin.json (optional for ChatGPT/LLM integration)
Privacy / GDPR needs attentionNo privacy policy or GDPR endpoint
EU AI Act disclosure needs attentionNo AI model card or disclosure endpoint
Travel Rule (FATF) needs attentionNo Travel Rule endpoint or VASP disclosure
A2A Protocol (Google) needs attentionNo agent.json for A2A discovery
DNSSEC needs attentionDNSSEC check failed
CAA Records needs attentionNo CAA records — any CA can issue certificates
DMARC / SPF needs attentionDMARC p=quarantine · SPF ~all (softfail)
Auth maturity needs attentionNo authentication detected — open API or check failed
API versioning needs attentionNo versioned paths or version headers found
Human oversight needs attentionNo human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service needs attentionNo Terms of Service endpoint found
Content-Type needs attentionAPI paths return HTML: /v1/ returns HTML
OASF Classification needs attentionNo OASF or agent service classification found
MCP Transport Security needs attentionNo MCP endpoint found
Wallet trust needs attentionNo wallet address found in x402 or agent.json
ERC-8004 on-chain needs attentionNo EVM wallet found to verify on-chain registration